update examples

Author: IndominusByte

README.md

@@ -3,7 +3,6 @@
 [![Build Status](https://travis-ci.org/IndominusByte/fastapi-jwt-auth.svg?branch=master)](https://travis-ci.org/IndominusByte/fastapi-jwt-auth)
 [![Coverage Status](https://coveralls.io/repos/github/IndominusByte/fastapi-jwt-auth/badge.svg?branch=master)](https://coveralls.io/github/IndominusByte/fastapi-jwt-auth?branch=master)
 [![PyPI version](https://badge.fury.io/py/fastapi-jwt-auth.svg)](https://badge.fury.io/py/fastapi-jwt-auth)
-[![Downloads](https://pepy.tech/badge/fastapi-jwt-auth/month)](https://pepy.tech/project/fastapi-jwt-auth/month)
 [![Downloads](https://pepy.tech/badge/fastapi-jwt-auth)](https://pepy.tech/project/fastapi-jwt-auth)
 
 ## Features

docs/index.md

@@ -1,27 +1 @@
-<h1 align="center" style="margin-bottom: 20px; font-weight: 500; font-size: 50px;">
-  FastAPI JWT Auth
-</h1>
-<p align="center">
-    <em>FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)</em>
-</p>
-
-[![Build Status](https://travis-ci.org/IndominusByte/fastapi-jwt-auth.svg?branch=master)](https://travis-ci.org/IndominusByte/fastapi-jwt-auth)
-[![Coverage Status](https://coveralls.io/repos/github/IndominusByte/fastapi-jwt-auth/badge.svg?branch=master)](https://coveralls.io/github/IndominusByte/fastapi-jwt-auth?branch=master)
-[![PyPI version](https://badge.fury.io/py/fastapi-jwt-auth.svg)](https://badge.fury.io/py/fastapi-jwt-auth)
-[![Downloads](https://pepy.tech/badge/fastapi-jwt-auth)](https://pepy.tech/project/fastapi-jwt-auth)
-
----
-
-**Documentation**: <a href="https://IndominusByte.github.io/fastapi-jwt-auth/" target="_blank">https://IndominusByte.github.io/fastapi-jwt-auth/</a>
-
-**Source Code**: <a href="https://github.com/IndominusByte/fastapi-jwt-auth/" target="_blank">https://github.com/IndominusByte/fastapi-jwt-auth/</a>
-
----
-
-## Features
-FastAPI extension that provides JWT Auth support (secure, easy to use and lightweight), if you were familiar with flask-jwt-extended this extension suitable for you because this extension inspired by flask-jwt-extended.
-
-- Access token and refresh token
-- Token freshness will only allow fresh tokens to access endpoint
-- Token revoking/blacklisting
-- Custom token revoking
+{!../README.md!}

docs/usage/basic.md

@@ -1,57 +1,7 @@
 Create a file `basic.py`:
 
 ```python
-from fastapi import FastAPI, HTTPException, Depends, Request
-from fastapi.responses import JSONResponse
-from fastapi_jwt_auth import AuthJWT
-from fastapi_jwt_auth.exceptions import AuthJWTException
-from pydantic import BaseModel
-
-app = FastAPI()
-
-class User(BaseModel):
-    username: str
-    password: str
-
-# in production you can use Settings management
-# from pydantic to get secret key from .env
-class Settings(BaseModel):
-    authjwt_secret_key: str = "secret"
-
-# callback to get your configuration
-@AuthJWT.load_config
-def get_config():
-    return Settings()
-
-# exception handler for authjwt
-# in production, you can tweak performance using orjson response
-@app.exception_handler(AuthJWTException)
-def authjwt_exception_handler(request: Request, exc: AuthJWTException):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.message}
-    )
-
-# provide a method to create access tokens. The create_access_token()
-# function is used to actually generate the token to use authorization
-# later in endpoint protected
-@app.post('/login')
-def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
-        raise HTTPException(status_code=401,detail="Bad username or password")
-
-    # subject identifier for who this token is for example id or username from database
-    access_token = Authorize.create_access_token(subject=user.username)
-    return {"access_token": access_token}
-
-# protect endpoint with function jwt_required(), which requires
-# a valid access token in the request headers to access.
-@app.get('/user')
-def user(Authorize: AuthJWT = Depends()):
-    Authorize.jwt_required()
-
-    current_user = Authorize.get_jwt_subject()
-    return {"user": current_user}
+{!../examples/basic.py!}
 ```
 
 Run the server with:

docs/usage/freshness.md

@@ -5,89 +5,5 @@ This is useful for allowing the fresh token to do some critical things (such as
 Here is an example of how you could utilize refresh tokens with the fresh token pattern:
 
 ```python
-from fastapi import FastAPI, HTTPException, Depends, Request
-from fastapi.responses import JSONResponse
-from fastapi_jwt_auth import AuthJWT
-from fastapi_jwt_auth.exceptions import AuthJWTException
-from pydantic import BaseModel
-
-app = FastAPI()
-
-class User(BaseModel):
-    username: str
-    password: str
-
-class Settings(BaseModel):
-    authjwt_secret_key: str = "secret"
-
-@AuthJWT.load_config
-def get_config():
-    return Settings()
-
-@app.exception_handler(AuthJWTException)
-def authjwt_exception_handler(request: Request, exc: AuthJWTException):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.message}
-    )
-
-# Standard login endpoint. Will return a fresh access token and a refresh token
-@app.post('/login')
-def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
-        raise HTTPException(status_code=401,detail="Bad username or password")
-
-    """
-    create_access_token supports an optional 'fresh' argument,
-    which marks the token as fresh or non-fresh accordingly.
-    As we just verified their username and password, we are
-    going to mark the token as fresh here.
-    """
-    access_token = Authorize.create_access_token(subject=user.username,fresh=True)
-    refresh_token = Authorize.create_refresh_token(subject=user.username)
-    return {"access_token": access_token, "refresh_token": refresh_token}
-
-@app.post('/refresh')
-def refresh(Authorize: AuthJWT = Depends()):
-    """
-    Refresh token endpoint. This will generate a new access token from
-    the refresh token, but will mark that access token as non-fresh,
-    as we do not actually verify a password in this endpoint.
-    """
-    Authorize.jwt_refresh_token_required()
-
-    current_user = Authorize.get_jwt_subject()
-    new_access_token = Authorize.create_access_token(subject=current_user,fresh=False)
-    return {"access_token": new_access_token}
-
-@app.post('/fresh-login')
-def fresh_login(user: User, Authorize: AuthJWT = Depends()):
-    """
-    Fresh login endpoint. This is designed to be used if we need to
-    make a fresh token for a user (by verifying they have the
-    correct username and password). Unlike the standard login endpoint,
-    this will only return a new access token, so that we don't keep
-    generating new refresh tokens, which entirely defeats their point.
-    """
-    if user.username != "test" and user.password != "test":
-        raise HTTPException(status_code=401,detail="Bad username or password")
-
-    new_access_token = Authorize.create_access_token(subject=user.username,fresh=True)
-    return {"access_token": new_access_token}
-
-# Any valid JWT access token can access this endpoint
-@app.get('/protected')
-def protected(Authorize: AuthJWT = Depends()):
-    Authorize.jwt_required()
-
-    current_user = Authorize.get_jwt_subject()
-    return {"user": current_user}
-
-# Only fresh JWT access token can access this endpoint
-@app.get('/protected-fresh')
-def protected_fresh(Authorize: AuthJWT = Depends()):
-    Authorize.fresh_jwt_required()
-
-    current_user = Authorize.get_jwt_subject()
-    return {"user": current_user}
+{!../examples/freshness.py!}
 ```

docs/usage/optional.md

@@ -1,45 +1,5 @@
 In some cases you want to use one endpoint for both, protected and unprotected. in this situation you can use function <b>jwt_optional()</b>. this will allow the endpoint to be accessed regardless of if a JWT is sent in the request or not. if a JWT get tampering or expired an error will be returned instead of calling the endpoint.
 
 ```python
-from fastapi import FastAPI, HTTPException, Depends, Request
-from fastapi.responses import JSONResponse
-from fastapi_jwt_auth import AuthJWT
-from fastapi_jwt_auth.exceptions import AuthJWTException
-from pydantic import BaseModel
-
-app = FastAPI()
-
-class User(BaseModel):
-    username: str
-    password: str
-
-class Settings(BaseModel):
-    authjwt_secret_key: str = "secret"
-
-@AuthJWT.load_config
-def get_config():
-    return Settings()
-
-@app.exception_handler(AuthJWTException)
-def authjwt_exception_handler(request: Request, exc: AuthJWTException):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.message}
-    )
-
-@app.post('/login')
-def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
-        raise HTTPException(status_code=401,detail="Bad username or password")
-
-    access_token = Authorize.create_access_token(subject=user.username)
-    return {"access_token": access_token}
-
-@app.get('/partially-protected')
-def partially_protected(Authorize: AuthJWT = Depends()):
-    Authorize.jwt_optional()
-
-    # If no jwt is sent in the request, get_jwt_subject() will return None
-    current_user = Authorize.get_jwt_subject() or "anonymous"
-    return {"user": current_user}
+{!../examples/optional.py!}
 ```

docs/usage/refresh.md

@@ -5,61 +5,5 @@ Utilizing refresh tokens we can help reduce the damage that can be done if an ac
 Here is an example of using access and refresh tokens:
 
 ```python
-from fastapi import FastAPI, HTTPException, Depends, Request
-from fastapi.responses import JSONResponse
-from fastapi_jwt_auth import AuthJWT
-from fastapi_jwt_auth.exceptions import AuthJWTException
-from pydantic import BaseModel
-
-app = FastAPI()
-
-class User(BaseModel):
-    username: str
-    password: str
-
-class Settings(BaseModel):
-    authjwt_secret_key: str = "secret"
-
-@AuthJWT.load_config
-def get_config():
-    return Settings()
-
-@app.exception_handler(AuthJWTException)
-def authjwt_exception_handler(request: Request, exc: AuthJWTException):
-    return JSONResponse(
-        status_code=exc.status_code,
-        content={"detail": exc.message}
-    )
-
-@app.post('/login')
-def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
-        raise HTTPException(status_code=401,detail="Bad username or password")
-
-    # Use create_access_token() and create_refresh_token() to create our
-    # access and refresh tokens
-    access_token = Authorize.create_access_token(subject=user.username)
-    refresh_token = Authorize.create_refresh_token(subject=user.username)
-    return {"access_token": access_token, "refresh_token": refresh_token}
-
-@app.post('/refresh')
-def refresh(Authorize: AuthJWT = Depends()):
-    """
-    The jwt_refresh_token_required() function insures a valid refresh
-    token is present in the request before running any code below that function.
-    we can use the get_jwt_subject() function to get the subject of the refresh
-    token, and use the create_access_token() function again to make a new access token
-    """
-    Authorize.jwt_refresh_token_required()
-
-    current_user = Authorize.get_jwt_subject()
-    new_access_token = Authorize.create_access_token(subject=current_user)
-    return {"access_token": new_access_token}
-
-@app.get('/protected')
-def protected(Authorize: AuthJWT = Depends()):
-    Authorize.jwt_required()
-
-    current_user = Authorize.get_jwt_subject()
-    return {"user": current_user}
+{!../examples/refresh.py!}
 ```

docs/usage/revoking.md

@@ -3,6 +3,7 @@ This will allow you to revoke a specific token so that it can no longer access y
 Here is a basic example use token revoking:
 
 ```python
+{!../examples/denylist.py!}
 ```
 
 In production, you will likely want to use either a database or in-memory store (such as Redis) to store your tokens. memory stores are great if you are wanting to revoke a token when the users log out and you can define timeout to your token in Redis, after the timeout has expired, the token will automatically be deleted.

examples/basic.py

@@ -1,39 +1,51 @@
-from fastapi import FastAPI, Depends, HTTPException
+from fastapi import FastAPI, HTTPException, Depends, Request
+from fastapi.responses import JSONResponse
 from fastapi_jwt_auth import AuthJWT
-from pydantic import BaseModel, Field
-
-"""
-set secret key to environment variable with this command
-export AUTHJWT_SECRET_KEY=secretkey, in terminal linux, macOS, Windows Bash
-run app with this command uvicorn basic:app --host 0.0.0.0
-if you install python-dotenv run this command below
-uvicorn basic:app --host 0.0.0.0 --port 5000 --env-file .env
-"""
+from fastapi_jwt_auth.exceptions import AuthJWTException
+from pydantic import BaseModel
 
 app = FastAPI()
 
 class User(BaseModel):
-    username: str = Field(...,min_length=1)
-    password: str = Field(...,min_length=1)
+    username: str
+    password: str
+
+# in production you can use Settings management
+# from pydantic to get secret key from .env
+class Settings(BaseModel):
+    authjwt_secret_key: str = "secret"
+
+# callback to get your configuration
+@AuthJWT.load_config
+def get_config():
+    return Settings()
+
+# exception handler for authjwt
+# in production, you can tweak performance using orjson response
+@app.exception_handler(AuthJWTException)
+def authjwt_exception_handler(request: Request, exc: AuthJWTException):
+    return JSONResponse(
+        status_code=exc.status_code,
+        content={"detail": exc.message}
+    )
 
-# Provide a method to create access tokens. The create_access_token()
-# function is used to actually generate the token, and you can return
-# it to the caller however you choose.
-@app.post('/login',status_code=200)
+# provide a method to create access tokens. The create_access_token()
+# function is used to actually generate the token to use authorization
+# later in endpoint protected
+@app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != 'test' or user.password != 'test':
-        raise HTTPException(status_code=401,detail='Bad username or password')
+    if user.username != "test" and user.password != "test":
+        raise HTTPException(status_code=401,detail="Bad username or password")
 
-    # identity must be between string or integer
-    access_token = Authorize.create_access_token(identity=user.username)
+    # subject identifier for who this token is for example id or username from database
+    access_token = Authorize.create_access_token(subject=user.username)
     return {"access_token": access_token}
 
-@app.get('/protected',status_code=200)
-def protected(Authorize: AuthJWT = Depends()):
-    # Protect an endpoint with jwt_required, which requires a valid access token
-    # in the request to access.
+# protect endpoint with function jwt_required(), which requires
+# a valid access token in the request headers to access.
+@app.get('/user')
+def user(Authorize: AuthJWT = Depends()):
     Authorize.jwt_required()
 
-    # Access the identity of the current user with get_jwt_identity
-    current_user = Authorize.get_jwt_identity()
-    return {"logged_in_as": current_user}
+    current_user = Authorize.get_jwt_subject()
+    return {"user": current_user}